Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms-recycler@13.0.0
Typecomposer
Namespacetypo3
Namecms-recycler
Version13.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version13.4.23
Latest_non_vulnerable_version14.0.2
Affected_by_vulnerabilities
0
url VCID-buz5-hzv3-97hp
vulnerability_id VCID-buz5-hzv3-97hp
summary 
TYPO3 backend modules have Broken Access Control
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59017
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20978
published_at 2026-04-04T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20919
published_at 2026-04-02T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.22016
published_at 2026-04-16T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.218
published_at 2026-04-29T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.21813
published_at 2026-04-26T12:55:00Z
5
value 0.00072
scoring_system epss
scoring_elements 0.21824
published_at 2026-04-24T12:55:00Z
6
value 0.00072
scoring_system epss
scoring_elements 0.21964
published_at 2026-04-21T12:55:00Z
7
value 0.00072
scoring_system epss
scoring_elements 0.2201
published_at 2026-04-18T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22822
published_at 2026-04-09T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22844
published_at 2026-04-11T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22807
published_at 2026-04-12T12:55:00Z
11
value 0.00076
scoring_system epss
scoring_elements 0.22751
published_at 2026-04-13T12:55:00Z
12
value 0.00076
scoring_system epss
scoring_elements 0.22694
published_at 2026-04-07T12:55:00Z
13
value 0.00076
scoring_system epss
scoring_elements 0.2277
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59017
1
reference_url https://github.com/TYPO3-CMS/backend/commit/0aedf33d910bceafc2ed0e715743cc0d30124501
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/backend/commit/0aedf33d910bceafc2ed0e715743cc0d30124501
2
reference_url https://github.com/TYPO3-CMS/beuser/commit/eb9b0c14a514a7aada8a2aa30e57696e286044c7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/beuser/commit/eb9b0c14a514a7aada8a2aa30e57696e286044c7
3
reference_url https://github.com/TYPO3-CMS/dashboard/commit/582006c6bdf251160001eee6624901baccdcfcd2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/dashboard/commit/582006c6bdf251160001eee6624901baccdcfcd2
4
reference_url https://github.com/TYPO3-CMS/recycler/commit/43475578eb1d9fa3b765537c96bcdf48582ee53b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/recycler/commit/43475578eb1d9fa3b765537c96bcdf48582ee53b
5
reference_url https://github.com/TYPO3-CMS/workspaces/commit/32222508043940f9073c338d4205c730a2e02070
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/workspaces/commit/32222508043940f9073c338d4205c730a2e02070
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59017
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59017
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2025-021
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T19:30:08Z/
url https://typo3.org/security/advisory/typo3-core-sa-2025-021
8
reference_url https://github.com/advisories/GHSA-2fhw-2j7m-mr4m
reference_id GHSA-2fhw-2j7m-mr4m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2fhw-2j7m-mr4m
fixed_packages
0
url pkg:composer/typo3/cms-recycler@13.4.18
purl pkg:composer/typo3/cms-recycler@13.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hz62-3vvg-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@13.4.18
aliases CVE-2025-59017, GHSA-2fhw-2j7m-mr4m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-buz5-hzv3-97hp
1
url VCID-hz62-3vvg-bbg4
vulnerability_id VCID-hz62-3vvg-bbg4
summary 
TYPO3 CMS Allows Broken Access Control in Recycler Module
### Problem
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable.

### Solution
Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described.

### Credits
Thanks to Sven Jürgens and Daniel Windloff for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it.

### References
* [TYPO3-CORE-SA-2026-003](https://typo3.org/security/advisory/typo3-core-sa-2026-003)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59022
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04215
published_at 2026-04-02T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.0442
published_at 2026-04-29T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04383
published_at 2026-04-26T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04363
published_at 2026-04-24T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04347
published_at 2026-04-21T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04221
published_at 2026-04-18T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04211
published_at 2026-04-16T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04243
published_at 2026-04-13T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.04267
published_at 2026-04-12T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.04282
published_at 2026-04-11T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.04295
published_at 2026-04-09T12:55:00Z
11
value 0.00017
scoring_system epss
scoring_elements 0.0425
published_at 2026-04-07T12:55:00Z
12
value 0.00017
scoring_system epss
scoring_elements 0.04236
published_at 2026-04-04T12:55:00Z
13
value 0.00017
scoring_system epss
scoring_elements 0.04281
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59022
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/
url https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20
3
reference_url https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/
url https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae
4
reference_url https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/
url https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-p52w-7rhw-9m67
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-p52w-7rhw-9m67
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59022
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59022
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2026-003
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/
url https://typo3.org/security/advisory/typo3-core-sa-2026-003
8
reference_url https://github.com/advisories/GHSA-p52w-7rhw-9m67
reference_id GHSA-p52w-7rhw-9m67
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p52w-7rhw-9m67
fixed_packages
0
url pkg:composer/typo3/cms-recycler@13.4.23
purl pkg:composer/typo3/cms-recycler@13.4.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@13.4.23
1
url pkg:composer/typo3/cms-recycler@14.0.2
purl pkg:composer/typo3/cms-recycler@14.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@14.0.2
aliases CVE-2025-59022, GHSA-p52w-7rhw-9m67
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hz62-3vvg-bbg4
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@13.0.0